package com.eight.cloud.security.config;

import com.eight.cloud.security.filter.AuthorityFilter;
import com.eight.cloud.security.filter.JwtRequestFilter;
import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.annotation.Resource;

/**
 * @ClassName: ResourceServerConfig
 * @Author: TXC
 * @Date: 2024-11-03 13:34
 **/
@AutoConfiguration
@EnableWebSecurity
public class ResourceServerConfig {
    @Resource
    private BaseUrlAuthorizationManager baseUrlAuthorizationManager;
    @Resource
    private PermitProperties permitProperties;
    @Resource
    private UnAuthEntryPoint unAuthEntryPoint;
    @Resource
    private AuthAccessDeniedHandler accessDeniedHandler;
    @Resource
    private AuthorityFilter authorityFilter;
    @Resource
    private JwtRequestFilter jwtRequestFilter;

    @Bean
    @ConditionalOnMissingBean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.csrf(AbstractHttpConfigurer::disable)
                // 允许跨域访问
                .cors(e -> e.configure(http))
                .httpBasic().disable()
                .formLogin().disable()
                // 不需要session
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                // 没有权限访问时默认的返回值
                .exceptionHandling(exception -> exception.accessDeniedHandler(accessDeniedHandler).authenticationEntryPoint(unAuthEntryPoint))
                .authorizeHttpRequests(httpRequest ->
                        httpRequest
                                // 放行接口
                                .regexMatchers(HttpMethod.OPTIONS, "/*").permitAll()
                                .antMatchers(getIgnoreUrl()).permitAll()
                                .anyRequest().access(baseUrlAuthorizationManager))
                .addFilterBefore(authorityFilter, UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }

    private String[] getIgnoreUrl() {
        if (permitProperties.isEnable()) {
            return permitProperties.getIgnore();
        }else {
            return new String[]{"/**"};
        }
    }

    @Bean
    @ConditionalOnMissingBean
    public UserDetailsService userDetailsService() {
        // 返回一个空的UserDetailsService，避免生成默认用户
        return new InMemoryUserDetailsManager();
    }

}
